吉祥寺北口システムが気になった記事をクリップしています。タイトルから元記事にリンクしています。タグは記事タイトルを形態素分析しています。たまにコメントをつけています。

Moodle

• August 29, 2024 Advisory: Moodle Calculated Questions RCE [CVE-2024-43425] | Censys
  • 2024(1473)
  • 29(312)
  • 43425(1)
  • Advisory(250)
  • August(30)
  • Calculated(4)
  • Censys(1)
  • CVE-(1427)
  • Moodle(29)
  • questions(18)
  • RCE(30)
• Moodle.org: MSA-24-0026: Remote code execution via calculated question types | Moodle.org
  • 0026(1)
  • 24(462)
  • Calculated(4)
  • Code(400)
  • execution(116)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • question(5)
  • Remote(203)
  • Types(19)
  • via(72)
• Moodle.org: MSA-20-0004: Admin PHP unit webrunner tool requires additional input escaping
  • 0004(3)
  • 20(898)
  • Additional(21)
  • Admin(30)
  • escaping(2)
  • input(13)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • PHP(175)
  • Requires(5)
  • tool(105)
  • Unit(32)
  • webrunner(1)
• Moodle.org: MSA-20-0003: IP addresses can be spoofed using X-Forwarded-For
  • 0003(3)
  • 20(898)
  • Addresses(18)
  • BE(151)
  • can(241)
  • IP(348)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • spoofed(3)
  • using(213)
  • X-Forwarded-For(1)
• Moodle.org: MSA-20-0002: Grade history report does not respect Separate groups mode in the course settings
  • 0002(3)
  • 20(898)
  • Course(9)
  • Does(28)
  • GRADE(10)
  • Groups(31)
  • History(55)
  • in(2447)
  • Mode(77)
  • Moodle(29)
  • MSA-(21)
  • Not(117)
  • org(402)
  • Report(334)
  • respect(5)
  • Separate(3)
  • settings(15)
  • the(4365)
• Moodle.org: MSA-19-0003: User full name is not escaped in the un-linked userpix page
  • 0003(3)
  • 19(777)
  • escaped(1)
  • Full(53)
  • in(2447)
  • is(1010)
  • Moodle(29)
  • MSA-(21)
  • Name(46)
  • Not(117)
  • org(402)
  • Page(64)
  • the(4365)
  • un-linked(1)
  • user(133)
  • userpix(1)
• Moodle.org: MSA-19-0002: Blind SSRF Risk in /badges/mybackpack.php
  • 0002(3)
  • 19(777)
  • badges(2)
  • Blind(7)
  • in(2447)
  • Moodle(29)
  • MSA-(21)
  • mybackpack(1)
  • org(402)
  • PHP(175)
  • Risk(79)
  • SSRF(9)
• Moodle.org: MSA-19-0001: Manage groups capability is missing XSS risk flag
  • 0001(3)
  • 19(777)
  • Capability(8)
  • Flag(9)
  • Groups(31)
  • is(1010)
  • manage(25)
  • Missing(11)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • Risk(79)
  • XSS(55)
• Moodle.org: Moodle 3.5.3 and other minor versions released
  • 3.5.3(1)
  • and(3289)
  • minor(3)
  • Moodle(29)
  • org(402)
  • other(47)
  • released(209)
  • versions(27)
• Moodle.org: MSA-18-0020: Login CSRF vulnerability in login form
  • 0020(1)
  • 18(403)
  • CSRF(15)
  • Form(47)
  • in(2447)
  • login(20)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • Vulnerability(515)
• Moodle.org: MSA-18-0012: Portfolio script allows instantiation of class chosen by user
  • 0012(5)
  • 18(403)
  • allows(25)
  • by(1069)
  • chosen(3)
  • Class(40)
  • instantiation(1)
  • Moodle(29)
  • MSA-(21)
  • of(3341)
  • org(402)
  • Portfolio(15)
  • Script(12)
  • user(133)
• Moodle.org: MSA-18-0007: Calculated question type allows remote code execution by Question authors
  • 0007(2)
  • 18(403)
  • allows(25)
  • Authors(2)
  • by(1069)
  • Calculated(4)
  • Code(400)
  • execution(116)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • question(5)
  • Remote(203)
  • Type(149)
• Moodle.org: MSA-18-0006: Suspended users with OAuth 2 authentication method can still log in to the site
  • 0006(3)
  • 18(403)
  • authentication(69)
  • can(241)
  • in(2447)
  • log(103)
  • method(18)
  • Moodle(29)
  • MSA-(21)
  • OAuth(21)
  • org(402)
  • site(432)
  • Still(32)
  • Suspended(5)
  • the(4365)
  • to(3295)
  • Users(195)
  • with(1607)
• Moodle.org: MSA-18-0005: Unauthenticated users can trigger custom messages to admin via paypal enrol script
  • 0005(1)
  • 18(403)
  • Admin(30)
  • can(241)
  • custom(64)
  • enrol(1)
  • Messages(28)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • PayPal(72)
  • Script(12)
  • to(3295)
  • trigger(9)
  • Unauthenticated(13)
  • Users(195)
  • via(72)
• Moodle.org: Moodle 3.2.3, 3.1.6, 3.0.10 and 2.7.20 are now available
  • 2.7.20(1)
  • 3.0.10(1)
  • 3.1.6(1)
  • 3.2.3(1)
  • and(3289)
  • Are(214)
  • available(346)
  • Moodle(29)
  • now(622)
  • org(402)
• Moodle.org: MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed
  • BE(151)
  • changed(6)
  • forced(3)
  • invalidated(1)
  • is(1010)
  • Moodle(29)
  • MSA-(21)
  • or(98)
  • org(402)
  • password(107)
  • Service(812)
  • should(24)
  • the(4365)
  • to(3295)
  • tokens(12)
  • user(133)
  • Web(9079)
  • when(84)
• oss-sec: Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14
  • Moodle(29)
  • oss-sec(64)
  • Release(853)
  • Security(5710)
• Moodle.org: MSA-16-0002: XSS Vulnerability in course management search
  • Course(9)
  • in(2447)
  • Management(229)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • Search(289)
  • Vulnerability(515)
  • XSS(55)
• Moodle.org: MSA-16-0001: Two enrolment-related web services don’t check course visibility
  • Check(111)
  • Course(9)
  • Don't(21)
  • enrolment-related(1)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • Services(6355)
  • Two(113)
  • Visibility(14)
  • Web(9079)
• Moodle.org: Moodle 2.9.1, 2.8.7 and 2.7.9 are now available
  • and(3289)
  • Are(214)
  • available(346)
  • Moodle(29)
  • now(622)
  • org(402)
• oss-sec: Moodle security advisories [vs]
  • Advisories(69)
  • Moodle(29)
  • oss-sec(64)
  • Security(5710)
  • vs(87)
• Moodle.org: MSA-15-0010: Personal contacts and number of unread messages can be revealed
  • and(3289)
  • BE(151)
  • can(241)
  • Contacts(8)
  • Messages(28)
  • Moodle(29)
  • MSA-(21)
  • number(20)
  • of(3341)
  • org(402)
  • Personal(52)
  • revealed(11)
  • unread(1)
• Moodle.org: MSA-15-0017: XSS in quiz statistics report
  • in(2447)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • quiz(8)
  • Report(334)
  • statistics(15)
  • XSS(55)
• Moodle.org: MSA-15-0009: Directory Traversal Attack possible through some files serving JS
  • Attack(173)
  • Directory(82)
  • files(67)
  • js(227)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • possible(27)
  • Serving(12)
  • some(41)
  • through(95)
  • traversal(8)
• Moodle.org: Moodle 2.8.2, 2.7.4 and 2.6.7 are now available
  • and(3289)
  • Are(214)
  • available(346)
  • Moodle(29)
  • now(622)
  • org(402)
• Moodle.org: MSA-14-0035: Headers not added to some AJAX scripts
  • added(15)
  • Ajax(6)
  • Headers(8)
  • Moodle(29)
  • MSA-(21)
  • Not(117)
  • org(402)
  • scripts(9)
  • some(41)
  • to(3295)
• Moodle.org: MSA-14-0034: Identity information revealed early in Q&A forum
  • early(44)
  • Forum(35)
  • Identity(71)
  • in(2447)
  • INFORMATION(226)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • revealed(11)
• Moodle.org: MSA-14-0033: URL parameter injection in CAS authentication
  • authentication(69)
  • CAS(10)
  • in(2447)
  • Injection(59)
  • Moodle(29)
  • MSA-(21)
  • org(402)
  • parameter(8)
  • URL(188)
• Moodle.org: Moodle 2.3.3, 2.2.6 and 2.1.9 are now available
  • and(3289)
  • Are(214)
  • available(346)
  • Moodle(29)
  • now(622)
  • org(402)